zettelforge 2.6.2__tar.gz → 2.8.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (434) hide show
  1. {zettelforge-2.6.2 → zettelforge-2.8.0}/.github/workflows/ci.yml +54 -18
  2. {zettelforge-2.6.2 → zettelforge-2.8.0}/.github/workflows/docs.yml +2 -2
  3. {zettelforge-2.6.2 → zettelforge-2.8.0}/.github/workflows/publish.yml +6 -2
  4. {zettelforge-2.6.2 → zettelforge-2.8.0}/.github/workflows/snyk-security.yml +3 -3
  5. {zettelforge-2.6.2 → zettelforge-2.8.0}/.github/workflows/stale.yml +1 -1
  6. {zettelforge-2.6.2 → zettelforge-2.8.0}/ARCHITECTURE.md +13 -0
  7. {zettelforge-2.6.2 → zettelforge-2.8.0}/CHANGELOG.md +101 -0
  8. zettelforge-2.8.0/GOVERNANCE.md +49 -0
  9. {zettelforge-2.6.2 → zettelforge-2.8.0}/PKG-INFO +112 -81
  10. zettelforge-2.8.0/README.md +288 -0
  11. zettelforge-2.8.0/SCOPING_DOC.md +283 -0
  12. {zettelforge-2.6.2 → zettelforge-2.8.0}/benchmarks/BENCHMARK_REPORT.md +73 -0
  13. {zettelforge-2.6.2 → zettelforge-2.8.0}/benchmarks/cti_retrieval_benchmark.py +2 -0
  14. {zettelforge-2.6.2 → zettelforge-2.8.0}/benchmarks/cti_retrieval_results.json +21 -21
  15. zettelforge-2.8.0/benchmarks/instrument_lookups.py +62 -0
  16. {zettelforge-2.6.2 → zettelforge-2.8.0}/benchmarks/locomo_benchmark.py +40 -11
  17. zettelforge-2.8.0/benchmarks/locomo_results.json +962 -0
  18. zettelforge-2.8.0/benchmarks/mine_phase_timings.py +56 -0
  19. zettelforge-2.8.0/benchmarks/profile_recall.py +61 -0
  20. zettelforge-2.8.0/benchmarks/rerank_grid.py +43 -0
  21. zettelforge-2.8.0/benchmarks/results/session_2026-06-09/locomo_results_optimized.json +962 -0
  22. {zettelforge-2.6.2 → zettelforge-2.8.0}/config.default.yaml +28 -1
  23. zettelforge-2.8.0/docs/explanation/design-philosophy-dual-hemisphere.md +159 -0
  24. zettelforge-2.8.0/docs/how-to/build-extensions.md +199 -0
  25. zettelforge-2.8.0/docs/how-to/configure-sigma-ingestion.md +183 -0
  26. zettelforge-2.8.0/docs/how-to/configure-yara-ingestion.md +223 -0
  27. zettelforge-2.8.0/docs/how-to/integrate-with-crewai.md +203 -0
  28. zettelforge-2.8.0/docs/how-to/integrate-with-langchain.md +210 -0
  29. zettelforge-2.8.0/docs/how-to/maintain-lancedb.md +82 -0
  30. zettelforge-2.8.0/docs/how-to/passive-osint-enrichment.md +70 -0
  31. zettelforge-2.8.0/docs/how-to/set-up-mcp-server.md +197 -0
  32. zettelforge-2.8.0/docs/how-to/use-detection-rules.md +191 -0
  33. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/index.md +2 -0
  34. zettelforge-2.8.0/docs/marketing/awesome-list-submissions.md +210 -0
  35. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/reference/configuration.md +55 -2
  36. zettelforge-2.8.0/docs/reference/detection-rules-schema.md +416 -0
  37. zettelforge-2.8.0/docs/reference/editions.md +257 -0
  38. zettelforge-2.8.0/docs/reference/entity-indexer-concurrency.md +346 -0
  39. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/reference/governance-controls.md +47 -4
  40. zettelforge-2.8.0/docs/reference/kg-edge-schema.md +415 -0
  41. zettelforge-2.8.0/docs/reference/mcp-protocol.md +723 -0
  42. zettelforge-2.8.0/docs/reference/sigma-schema-reference.md +367 -0
  43. zettelforge-2.8.0/docs/reference/yara-schema-reference.md +396 -0
  44. zettelforge-2.8.0/docs/rfcs/RFC-002a-retrieval-plumbing.md +214 -0
  45. zettelforge-2.8.0/docs/rfcs/RFC-016-osint-layer.md +413 -0
  46. zettelforge-2.8.0/docs/rfcs/RFC-017-memsad-write-time-defenses.md +402 -0
  47. zettelforge-2.8.0/docs/rfcs/RFC-018-threatrecall-next-improvements.md +255 -0
  48. zettelforge-2.8.0/examples/crewai_cti_crew.py +162 -0
  49. zettelforge-2.8.0/examples/cti_analysis.ipynb +381 -0
  50. zettelforge-2.8.0/examples/ingest_misp.py +467 -0
  51. zettelforge-2.8.0/examples/quickstart.py +35 -0
  52. zettelforge-2.8.0/examples/sample_misp_event.json +121 -0
  53. {zettelforge-2.6.2 → zettelforge-2.8.0}/mkdocs.yml +26 -9
  54. {zettelforge-2.6.2 → zettelforge-2.8.0}/pyproject.toml +33 -3
  55. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/__init__.py +5 -1
  56. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/config.py +155 -0
  57. zettelforge-2.8.0/src/zettelforge/enrichment_ledger.py +60 -0
  58. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/entity_indexer.py +96 -7
  59. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/fact_extractor.py +11 -3
  60. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/governance_validator.py +9 -0
  61. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/graph_retriever.py +37 -3
  62. zettelforge-2.8.0/src/zettelforge/integrations/__init__.py +22 -0
  63. zettelforge-2.8.0/src/zettelforge/integrations/crewai.py +368 -0
  64. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/intent_classifier.py +6 -1
  65. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/json_parse.py +7 -1
  66. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/llm_client.py +13 -3
  67. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/llm_providers/litellm_provider.py +36 -7
  68. zettelforge-2.8.0/src/zettelforge/memory_defense.py +508 -0
  69. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/memory_evolver.py +9 -2
  70. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/memory_manager.py +402 -81
  71. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/memory_updater.py +24 -2
  72. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/note_constructor.py +11 -10
  73. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/ontology.py +5 -0
  74. zettelforge-2.8.0/src/zettelforge/osint/THIRD_PARTY/AGE-120-pip-audit.md +51 -0
  75. zettelforge-2.8.0/src/zettelforge/osint/THIRD_PARTY/LICENSE-Apache-2.0.txt +201 -0
  76. zettelforge-2.8.0/src/zettelforge/osint/THIRD_PARTY/NOTICE +32 -0
  77. zettelforge-2.8.0/src/zettelforge/osint/THIRD_PARTY/PROVENANCE.md +65 -0
  78. zettelforge-2.8.0/src/zettelforge/osint/THIRD_PARTY/THIRD_PARTY_NOTICES.md +37 -0
  79. zettelforge-2.8.0/src/zettelforge/osint/__init__.py +109 -0
  80. zettelforge-2.8.0/src/zettelforge/osint/collectors/__init__.py +5 -0
  81. zettelforge-2.8.0/src/zettelforge/osint/collectors/breach/__init__.py +17 -0
  82. zettelforge-2.8.0/src/zettelforge/osint/collectors/breach/breach_directory.py +46 -0
  83. zettelforge-2.8.0/src/zettelforge/osint/collectors/breach/hibp_collector.py +167 -0
  84. zettelforge-2.8.0/src/zettelforge/osint/collectors/financial/__init__.py +15 -0
  85. zettelforge-2.8.0/src/zettelforge/osint/collectors/financial/wallet_collector.py +194 -0
  86. zettelforge-2.8.0/src/zettelforge/osint/collectors/infrastructure/__init__.py +25 -0
  87. zettelforge-2.8.0/src/zettelforge/osint/collectors/infrastructure/bgp_collector.py +124 -0
  88. zettelforge-2.8.0/src/zettelforge/osint/collectors/infrastructure/cert_collector.py +124 -0
  89. zettelforge-2.8.0/src/zettelforge/osint/collectors/infrastructure/dns_collector.py +274 -0
  90. zettelforge-2.8.0/src/zettelforge/osint/collectors/infrastructure/port_scanner.py +109 -0
  91. zettelforge-2.8.0/src/zettelforge/osint/collectors/infrastructure/whois_collector.py +330 -0
  92. zettelforge-2.8.0/src/zettelforge/osint/collectors/people/__init__.py +22 -0
  93. zettelforge-2.8.0/src/zettelforge/osint/collectors/people/holehe_collector.py +44 -0
  94. zettelforge-2.8.0/src/zettelforge/osint/collectors/people/hunter_collector.py +54 -0
  95. zettelforge-2.8.0/src/zettelforge/osint/collectors/people/maigret_collector.py +145 -0
  96. zettelforge-2.8.0/src/zettelforge/osint/collectors/people/namechk_collector.py +42 -0
  97. zettelforge-2.8.0/src/zettelforge/osint/collectors/social/__init__.py +17 -0
  98. zettelforge-2.8.0/src/zettelforge/osint/collectors/social/hashtag_tracker.py +46 -0
  99. zettelforge-2.8.0/src/zettelforge/osint/collectors/social/twitter_collector.py +49 -0
  100. zettelforge-2.8.0/src/zettelforge/osint/collectors/tech/__init__.py +17 -0
  101. zettelforge-2.8.0/src/zettelforge/osint/collectors/tech/builtwith_collector.py +53 -0
  102. zettelforge-2.8.0/src/zettelforge/osint/collectors/tech/wappalyzer_collector.py +56 -0
  103. zettelforge-2.8.0/src/zettelforge/osint/entity_resolver.py +285 -0
  104. zettelforge-2.8.0/src/zettelforge/osint/executor.py +543 -0
  105. zettelforge-2.8.0/src/zettelforge/osint/investigation.py +129 -0
  106. zettelforge-2.8.0/src/zettelforge/osint/ontology.py +631 -0
  107. zettelforge-2.8.0/src/zettelforge/osint/transform_registry.py +123 -0
  108. zettelforge-2.8.0/src/zettelforge/prompt_injection_guard.py +117 -0
  109. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/scripts/human_eval_sampler.py +2 -2
  110. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/scripts/telemetry_dashboard.py +1 -1
  111. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/sigma/ingest.py +11 -2
  112. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/sqlite_backend.py +174 -1
  113. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/storage_backend.py +21 -0
  114. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/synthesis_generator.py +29 -10
  115. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/telemetry.py +50 -14
  116. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/vector_memory.py +56 -2
  117. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/vector_retriever.py +24 -2
  118. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/yara/cccs_metadata.py +13 -10
  119. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/yara/ingest.py +20 -2
  120. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/yara/parser.py +20 -6
  121. zettelforge-2.8.0/tests/test_cccs_metadata.py +51 -0
  122. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_conversational_entities.py +36 -0
  123. zettelforge-2.8.0/tests/test_crewai_integration.py +312 -0
  124. zettelforge-2.8.0/tests/test_defense_reference_window.py +87 -0
  125. zettelforge-2.8.0/tests/test_embedding_cache.py +71 -0
  126. zettelforge-2.8.0/tests/test_enrichment_switch.py +76 -0
  127. zettelforge-2.8.0/tests/test_graph_scoping.py +147 -0
  128. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_json_parse.py +18 -1
  129. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_llm_client.py +6 -2
  130. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_llm_providers.py +123 -9
  131. zettelforge-2.8.0/tests/test_max_tokens_budgets.py +202 -0
  132. zettelforge-2.8.0/tests/test_memory_defense.py +90 -0
  133. zettelforge-2.8.0/tests/test_memory_defense_equivalence.py +223 -0
  134. zettelforge-2.8.0/tests/test_memory_manager_flush.py +96 -0
  135. zettelforge-2.8.0/tests/test_osint_age119_gap_types.py +94 -0
  136. zettelforge-2.8.0/tests/test_osint_collectors.py +440 -0
  137. zettelforge-2.8.0/tests/test_osint_enrichers_age120.py +458 -0
  138. zettelforge-2.8.0/tests/test_osint_entities.py +281 -0
  139. zettelforge-2.8.0/tests/test_osint_entity_resolver.py +84 -0
  140. zettelforge-2.8.0/tests/test_osint_executor.py +274 -0
  141. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_performance.py +7 -3
  142. zettelforge-2.8.0/tests/test_prompt_injection_guard.py +104 -0
  143. zettelforge-2.8.0/tests/test_remember_chunked.py +72 -0
  144. zettelforge-2.8.0/tests/test_rerank_policy.py +103 -0
  145. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_sigma_ingest.py +49 -6
  146. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_sqlite_backend.py +54 -0
  147. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_yara_ingest.py +45 -0
  148. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_yara_parser.py +14 -0
  149. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/ui/js/views/search.js +16 -1
  150. zettelforge-2.6.2/GOVERNANCE.md +0 -24
  151. zettelforge-2.6.2/README.md +0 -270
  152. zettelforge-2.6.2/benchmarks/locomo_results.json +0 -287
  153. zettelforge-2.6.2/examples/quickstart.py +0 -18
  154. zettelforge-2.6.2/src/zettelforge/integrations/__init__.py +0 -10
  155. {zettelforge-2.6.2 → zettelforge-2.8.0}/.github/CODEOWNERS +0 -0
  156. {zettelforge-2.6.2 → zettelforge-2.8.0}/.github/ISSUE_TEMPLATE/bug_report.md +0 -0
  157. {zettelforge-2.6.2 → zettelforge-2.8.0}/.github/ISSUE_TEMPLATE/feature_request.md +0 -0
  158. {zettelforge-2.6.2 → zettelforge-2.8.0}/.github/SECURITY.md +0 -0
  159. {zettelforge-2.6.2 → zettelforge-2.8.0}/.github/dependabot.yml +0 -0
  160. {zettelforge-2.6.2 → zettelforge-2.8.0}/.github/pull_request_template.md +0 -0
  161. {zettelforge-2.6.2 → zettelforge-2.8.0}/.gitignore +0 -0
  162. {zettelforge-2.6.2 → zettelforge-2.8.0}/CODEOWNERS +0 -0
  163. {zettelforge-2.6.2 → zettelforge-2.8.0}/CODE_OF_CONDUCT.md +0 -0
  164. {zettelforge-2.6.2 → zettelforge-2.8.0}/CONTRIBUTING.md +0 -0
  165. {zettelforge-2.6.2 → zettelforge-2.8.0}/CONTRIBUTORS.md +0 -0
  166. {zettelforge-2.6.2 → zettelforge-2.8.0}/Dockerfile +0 -0
  167. {zettelforge-2.6.2 → zettelforge-2.8.0}/LICENSE +0 -0
  168. {zettelforge-2.6.2 → zettelforge-2.8.0}/MANIFEST.in +0 -0
  169. {zettelforge-2.6.2 → zettelforge-2.8.0}/ROADMAP.md +0 -0
  170. {zettelforge-2.6.2 → zettelforge-2.8.0}/SECURITY.md +0 -0
  171. {zettelforge-2.6.2 → zettelforge-2.8.0}/benchmarks/LOCOMO_BENCHMARK_COMPARISON.md +0 -0
  172. {zettelforge-2.6.2 → zettelforge-2.8.0}/benchmarks/auto_ralph.py +0 -0
  173. {zettelforge-2.6.2 → zettelforge-2.8.0}/benchmarks/benchmark_harness.py +0 -0
  174. {zettelforge-2.6.2 → zettelforge-2.8.0}/benchmarks/cti_benchmark_v2.py +0 -0
  175. {zettelforge-2.6.2 → zettelforge-2.8.0}/benchmarks/cti_v2_results.json +0 -0
  176. {zettelforge-2.6.2 → zettelforge-2.8.0}/benchmarks/ctibench_benchmark.py +0 -0
  177. {zettelforge-2.6.2 → zettelforge-2.8.0}/benchmarks/ctibench_results.json +0 -0
  178. {zettelforge-2.6.2 → zettelforge-2.8.0}/benchmarks/dataset.json +0 -0
  179. {zettelforge-2.6.2 → zettelforge-2.8.0}/benchmarks/enterprise-attack.json +0 -0
  180. {zettelforge-2.6.2 → zettelforge-2.8.0}/benchmarks/evolve_benchmark.py +0 -0
  181. {zettelforge-2.6.2 → zettelforge-2.8.0}/benchmarks/evolve_results.json +0 -0
  182. {zettelforge-2.6.2 → zettelforge-2.8.0}/benchmarks/graph_test.py +0 -0
  183. {zettelforge-2.6.2 → zettelforge-2.8.0}/benchmarks/locomo_results_v1.3.0_baseline.json +0 -0
  184. {zettelforge-2.6.2 → zettelforge-2.8.0}/benchmarks/memoryagentbench.py +0 -0
  185. {zettelforge-2.6.2 → zettelforge-2.8.0}/benchmarks/memoryagentbench_results.json +0 -0
  186. {zettelforge-2.6.2 → zettelforge-2.8.0}/benchmarks/mempalace_benchmark.py +0 -0
  187. {zettelforge-2.6.2 → zettelforge-2.8.0}/benchmarks/mempalace_results.json +0 -0
  188. {zettelforge-2.6.2 → zettelforge-2.8.0}/benchmarks/naive_memory.py +0 -0
  189. {zettelforge-2.6.2 → zettelforge-2.8.0}/benchmarks/opencti_benchmark.py +0 -0
  190. {zettelforge-2.6.2 → zettelforge-2.8.0}/benchmarks/ragas_benchmark.py +0 -0
  191. {zettelforge-2.6.2 → zettelforge-2.8.0}/benchmarks/ragas_cti_results.json +0 -0
  192. {zettelforge-2.6.2 → zettelforge-2.8.0}/benchmarks/ragas_results.json +0 -0
  193. {zettelforge-2.6.2 → zettelforge-2.8.0}/benchmarks/results/benchmark_report.md +0 -0
  194. {zettelforge-2.6.2 → zettelforge-2.8.0}/benchmarks/results/ralph_optimization_log.json +0 -0
  195. {zettelforge-2.6.2 → zettelforge-2.8.0}/benchmarks/scale_benchmark.py +0 -0
  196. {zettelforge-2.6.2 → zettelforge-2.8.0}/benchmarks/scale_results.json +0 -0
  197. {zettelforge-2.6.2 → zettelforge-2.8.0}/config.example.yaml +0 -0
  198. {zettelforge-2.6.2 → zettelforge-2.8.0}/docker/docker-compose.yml +0 -0
  199. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/.well-known/security.txt +0 -0
  200. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/CNAME +0 -0
  201. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/THREAT_MODEL.md +0 -0
  202. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/architecture-diagram.mmd +0 -0
  203. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/archive/PACKAGE_SUMMARY.md +0 -0
  204. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/archive/README.md +0 -0
  205. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/archive/SKILL.md +0 -0
  206. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/assets/ZettelForge_Architecture.mmd +0 -0
  207. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/assets/architecture-overview.mmd +0 -0
  208. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/assets/architecture-read-path.mmd +0 -0
  209. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/assets/architecture-write-path.mmd +0 -0
  210. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/assets/cf-analytics.js +0 -0
  211. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/assets/demo.gif +0 -0
  212. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/assets/favicon-16.png +0 -0
  213. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/assets/favicon-32.png +0 -0
  214. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/assets/favicon-512.png +0 -0
  215. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/assets/favicon-64.png +0 -0
  216. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/assets/favicon-apple-touch.png +0 -0
  217. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/assets/favicon-old.svg +0 -0
  218. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/assets/favicon.svg +0 -0
  219. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/assets/logo.svg +0 -0
  220. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/assets/social-preview.png +0 -0
  221. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/assets/threatrecall-lockup-monogram.svg +0 -0
  222. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/assets/threatrecall-lockup.svg +0 -0
  223. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/assets/threatrecall-logo-flat.svg +0 -0
  224. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/assets/threatrecall-logo-philosophy.md +0 -0
  225. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/assets/threatrecall-logo.png +0 -0
  226. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/assets/threatrecall-mark.png +0 -0
  227. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/assets/zettelforge_architecture-light.svg +0 -0
  228. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/assets/zettelforge_architecture.svg +0 -0
  229. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/brand/brandIdentity.md +0 -0
  230. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/brand/colors_and_type.css +0 -0
  231. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/explanation/architecture.md +0 -0
  232. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/explanation/epistemic-tiers.md +0 -0
  233. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/explanation/llm-budgets-and-timeouts.md +0 -0
  234. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/explanation/stix-in-zettelforge.md +0 -0
  235. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/explanation/two-phase-pipeline.md +0 -0
  236. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/explanation/zettelkasten-philosophy.md +0 -0
  237. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/how-to/configure-lancedb.md +0 -0
  238. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/how-to/configure-opencti.md +0 -0
  239. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/how-to/configure-pii.md +0 -0
  240. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/how-to/configure-typedb.md +0 -0
  241. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/how-to/ingest-news-report.md +0 -0
  242. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/how-to/integrate-llm-agent.md +0 -0
  243. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/how-to/migrate-jsonl-to-sqlite.md +0 -0
  244. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/how-to/query-apt-tools.md +0 -0
  245. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/how-to/reproduce-benchmarks.md +0 -0
  246. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/how-to/resolve-aliases.md +0 -0
  247. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/how-to/run-temporal-query.md +0 -0
  248. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/how-to/store-threat-actor.md +0 -0
  249. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/how-to/troubleshoot.md +0 -0
  250. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/how-to/upgrade.md +0 -0
  251. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/how-to/use-web-interface.md +0 -0
  252. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/human-evaluation-rubric.md +0 -0
  253. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/llms.txt +0 -0
  254. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/narrative/2026-04-16-the-memory-problem.md +0 -0
  255. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/overrides/main.html +0 -0
  256. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/reference/architecture-deep-dive.md +0 -0
  257. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/reference/memory-manager-api.md +0 -0
  258. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/reference/module-inventory.md +0 -0
  259. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/reference/retrieval-policies.md +0 -0
  260. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/reference/stix-schema.md +0 -0
  261. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/reference/web-api.md +0 -0
  262. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/rfcs/RFC-001-conversational-entity-extractor.md +0 -0
  263. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/rfcs/RFC-002-universal-llm-provider.md +0 -0
  264. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/rfcs/RFC-003-adversarial-review.md +0 -0
  265. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/rfcs/RFC-003-read-path-depth-routing.md +0 -0
  266. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/rfcs/RFC-007-operational-telemetry.md +0 -0
  267. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/rfcs/RFC-009-enrichment-pipeline-v2.md +0 -0
  268. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/rfcs/RFC-010-enrichment-hotfix.md +0 -0
  269. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/rfcs/RFC-011-local-llm-backend-config.md +0 -0
  270. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/rfcs/RFC-012-litellm-unified-provider.md +0 -0
  271. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/rfcs/RFC-013-presidio-pii-detection.md +0 -0
  272. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/rfcs/RFC-014-content-limits.md +0 -0
  273. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/rfcs/RFC-015-zettelforge-web-gui.md +0 -0
  274. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/stylesheets/brand-tokens.css +0 -0
  275. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/stylesheets/extra.css +0 -0
  276. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/stylesheets/fonts/Neuropol.otf +0 -0
  277. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/tutorials/01-quickstart.md +0 -0
  278. {zettelforge-2.6.2 → zettelforge-2.8.0}/docs/tutorials/02-first-cti-report.md +0 -0
  279. {zettelforge-2.6.2 → zettelforge-2.8.0}/examples/athf_bridge.py +0 -0
  280. {zettelforge-2.6.2 → zettelforge-2.8.0}/examples/mcp_claude_code.md +0 -0
  281. {zettelforge-2.6.2 → zettelforge-2.8.0}/governance/controls.yaml +0 -0
  282. {zettelforge-2.6.2 → zettelforge-2.8.0}/pr-body.md +0 -0
  283. {zettelforge-2.6.2 → zettelforge-2.8.0}/scripts/migrate_jsonl_to_sqlite.py +0 -0
  284. {zettelforge-2.6.2 → zettelforge-2.8.0}/scripts/rebuild_index.py +0 -0
  285. {zettelforge-2.6.2 → zettelforge-2.8.0}/scripts/record-demo.sh +0 -0
  286. {zettelforge-2.6.2 → zettelforge-2.8.0}/scripts/typedb-setup.sh +0 -0
  287. {zettelforge-2.6.2 → zettelforge-2.8.0}/scripts/zettelforge-rebuild.service +0 -0
  288. {zettelforge-2.6.2 → zettelforge-2.8.0}/scripts/zettelforge-rebuild.timer +0 -0
  289. {zettelforge-2.6.2 → zettelforge-2.8.0}/server.json +0 -0
  290. {zettelforge-2.6.2 → zettelforge-2.8.0}/skills/claude-code-skill.md +0 -0
  291. {zettelforge-2.6.2 → zettelforge-2.8.0}/skills/openclaw-skill.md +0 -0
  292. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/__main__.py +0 -0
  293. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/alias_resolver.py +0 -0
  294. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/backend_factory.py +0 -0
  295. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/blended_retriever.py +0 -0
  296. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/cache.py +0 -0
  297. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/consolidation.py +0 -0
  298. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/demo.py +0 -0
  299. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/detection/__init__.py +0 -0
  300. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/detection/base.py +0 -0
  301. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/detection/consumers.py +0 -0
  302. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/detection/explainer.py +0 -0
  303. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/edition.py +0 -0
  304. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/extensions.py +0 -0
  305. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/integrations/langchain_retriever.py +0 -0
  306. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/knowledge_graph.py +0 -0
  307. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/lance_maintenance.py +0 -0
  308. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/llm_providers/__init__.py +0 -0
  309. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/llm_providers/base.py +0 -0
  310. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/llm_providers/local_provider.py +0 -0
  311. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/llm_providers/mock_provider.py +0 -0
  312. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/llm_providers/ollama_provider.py +0 -0
  313. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/llm_providers/registry.py +0 -0
  314. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/log.py +0 -0
  315. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/mcp/__init__.py +0 -0
  316. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/mcp/__main__.py +0 -0
  317. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/mcp/server.py +0 -0
  318. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/memory_store.py +0 -0
  319. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/note_schema.py +0 -0
  320. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/observability.py +0 -0
  321. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/ocsf.py +0 -0
  322. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/pii_validator.py +0 -0
  323. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/retry.py +0 -0
  324. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/scripts/compact_lance.py +0 -0
  325. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/scripts/telemetry_aggregator.py +0 -0
  326. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/sigma/__init__.py +0 -0
  327. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/sigma/cli.py +0 -0
  328. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/sigma/entities.py +0 -0
  329. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/sigma/parser.py +0 -0
  330. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/sigma/schemas/NOTICE.md +0 -0
  331. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/sigma/schemas/__init__.py +0 -0
  332. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/sigma/schemas/sigma-correlation-rules-schema.json +0 -0
  333. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/sigma/schemas/sigma-detection-rule-schema.json +0 -0
  334. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/sigma/schemas/sigma-filters-schema.json +0 -0
  335. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/sigma/tags.py +0 -0
  336. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/synthesis_validator.py +0 -0
  337. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/yara/__init__.py +0 -0
  338. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/yara/cli.py +0 -0
  339. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/yara/entities.py +0 -0
  340. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/yara/schemas/CCCS_YARA.yml +0 -0
  341. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/yara/schemas/CCCS_YARA_values.yml +0 -0
  342. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/yara/schemas/NOTICE.md +0 -0
  343. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/yara/schemas/__init__.py +0 -0
  344. {zettelforge-2.6.2 → zettelforge-2.8.0}/src/zettelforge/yara/tags.py +0 -0
  345. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/__init__.py +0 -0
  346. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/benchmark_scale.py +0 -0
  347. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/conftest.py +0 -0
  348. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/fixtures/sigma/cloud_example.yml +0 -0
  349. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/fixtures/sigma/correlation_example.yml +0 -0
  350. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/fixtures/sigma/process_creation_example.yml +0 -0
  351. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/fixtures/sigma/tagged_example.yml +0 -0
  352. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/fixtures/yara/malware_hash.yar +0 -0
  353. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/fixtures/yara/technique_loader.yar +0 -0
  354. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/fixtures/yara/webshell.yar +0 -0
  355. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_basic.py +0 -0
  356. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_blended_retriever.py +0 -0
  357. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_causal_extraction.py +0 -0
  358. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_config.py +0 -0
  359. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_consolidation.py +0 -0
  360. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_core.py +0 -0
  361. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_cti_integration.py +0 -0
  362. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_detection_explainer.py +0 -0
  363. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_detection_rule_entities.py +0 -0
  364. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_edition.py +0 -0
  365. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_embedding.py +0 -0
  366. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_entity_indexer_races.py +0 -0
  367. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_extensions.py +0 -0
  368. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_fact_extractor.py +0 -0
  369. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_governance.py +0 -0
  370. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_governance_spec_drift.py +0 -0
  371. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_graph_retriever.py +0 -0
  372. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_human_eval_sampler.py +0 -0
  373. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_intent_classifier.py +0 -0
  374. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_kg_edge_schema.py +0 -0
  375. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_lance_maintenance.py +0 -0
  376. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_langchain_retriever.py +0 -0
  377. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_logging_compliance.py +0 -0
  378. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_mcp_server.py +0 -0
  379. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_memory_evolver.py +0 -0
  380. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_memory_updater.py +0 -0
  381. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_pii_validator.py +0 -0
  382. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_recall_integration.py +0 -0
  383. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_sigma_entities.py +0 -0
  384. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_sigma_parser.py +0 -0
  385. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_sqlite_integration.py +0 -0
  386. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_storage_backend.py +0 -0
  387. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_telemetry_aggregator.py +0 -0
  388. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_telemetry_collector.py +0 -0
  389. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_telemetry_dashboard.py +0 -0
  390. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_telemetry_integration.py +0 -0
  391. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_temporal_graph.py +0 -0
  392. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_two_phase_e2e.py +0 -0
  393. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_typedb_client.py +0 -0
  394. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_web_api.py +0 -0
  395. {zettelforge-2.6.2 → zettelforge-2.8.0}/tests/test_yara_entities.py +0 -0
  396. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/app.py +0 -0
  397. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/auth.py +0 -0
  398. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/mcp_server.py +0 -0
  399. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/static/css/design_tokens.css +0 -0
  400. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/templates/base.html +0 -0
  401. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/templates/components/remember_panel.html +0 -0
  402. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/templates/components/result_card.html +0 -0
  403. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/templates/components/search_bar.html +0 -0
  404. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/templates/components/synthesis_block.html +0 -0
  405. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/templates/components/tab_bar.html +0 -0
  406. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/templates/config_editor.html +0 -0
  407. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/templates/index.html +0 -0
  408. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/ui/assets/favicon-16.png +0 -0
  409. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/ui/assets/favicon-32.png +0 -0
  410. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/ui/assets/favicon-512.png +0 -0
  411. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/ui/assets/favicon-apple-touch.png +0 -0
  412. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/ui/assets/logo.svg +0 -0
  413. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/ui/assets/threatrecall-lockup.svg +0 -0
  414. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/ui/assets/zettelforge_architecture.svg +0 -0
  415. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/ui/colors_and_type.css +0 -0
  416. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/ui/favicon.svg +0 -0
  417. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/ui/fonts/Neuropol.otf +0 -0
  418. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/ui/index.html +0 -0
  419. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/ui/js/app.js +0 -0
  420. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/ui/js/components/header.js +0 -0
  421. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/ui/js/components/result-card.js +0 -0
  422. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/ui/js/components/sidebar.js +0 -0
  423. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/ui/js/components/spinner.js +0 -0
  424. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/ui/js/components/tabs.js +0 -0
  425. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/ui/js/components/toast.js +0 -0
  426. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/ui/js/lib/api.js +0 -0
  427. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/ui/js/lib/state.js +0 -0
  428. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/ui/js/views/configuration.js +0 -0
  429. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/ui/js/views/dashboard.js +0 -0
  430. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/ui/js/views/entities.js +0 -0
  431. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/ui/js/views/history.js +0 -0
  432. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/ui/js/views/ingest.js +0 -0
  433. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/ui/js/views/knowledge-graph.js +0 -0
  434. {zettelforge-2.6.2 → zettelforge-2.8.0}/web/ui/js/views/logs.js +0 -0
@@ -13,10 +13,10 @@ jobs:
13
13
  lint:
14
14
  runs-on: ubuntu-latest
15
15
  steps:
16
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
16
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0
17
17
 
18
18
  - name: Set up Python
19
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405
19
+ uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1
20
20
  with:
21
21
  python-version: '3.12'
22
22
 
@@ -35,13 +35,13 @@ jobs:
35
35
  pip-audit:
36
36
  runs-on: ubuntu-latest
37
37
  steps:
38
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
38
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0
39
39
  - name: Set up Python
40
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405
40
+ uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1
41
41
  with:
42
42
  python-version: '3.12'
43
43
  - name: Install pip-audit
44
- run: pip install pip-audit
44
+ run: pip install pip-audit==2.9.0
45
45
  - name: Audit dependencies (any reported vuln blocks)
46
46
  run: |
47
47
  pip install -e ".[dev]" || pip install -e "."
@@ -49,7 +49,7 @@ jobs:
49
49
  # --ignore-vuln=CVE-... with a citation when the finding is
50
50
  # explicitly accepted per GOV-009 §"Vulnerability Response".
51
51
  #
52
- # CVE-2026-3219: vulnerability in `pip` itself (the package
52
+ # CVE-2026-3219 / PYSEC-2026-196: vulnerability in `pip` itself (the package
53
53
  # manager), not a project dependency. The runner's pip is
54
54
  # supplied by GitHub's setup-python image and is not something
55
55
  # ZettelForge's pyproject can pin or upgrade. Risk-accepted
@@ -57,25 +57,59 @@ jobs:
57
57
  # install, not at runtime; CI builds in ephemeral runners with
58
58
  # no persistent state. Re-evaluate when GitHub's images ship a
59
59
  # patched pip.
60
- pip-audit --strict --vulnerability-service=osv \
61
- --ignore-vuln=CVE-2026-3219
60
+ #
61
+ # CVE-2023-36464 / GHSA-4vvm-4w3v-6mr8: medium-severity
62
+ # infinite-loop DoS in PyPDF2 3.0.1, introduced transitively by
63
+ # Maigret. PyPDF2 has no patched release under that package name
64
+ # (upstream recommends migrating to pypdf>=3.9.0), and ZettelForge's
65
+ # AGE-120 username collector does not parse attacker-supplied PDFs or
66
+ # invoke Maigret report generation. Accepted for AGE-120 because the
67
+ # GOV-009 blocking threshold is HIGH/CRITICAL and the collector
68
+ # lazy-imports/fails closed.
69
+ #
70
+ # --skip-editable: do not audit the editable local zettelforge
71
+ # install. It is the project itself, not a third-party dependency,
72
+ # and on a release-prep PR its version is bumped ahead of PyPI
73
+ # (e.g. 2.8.0 before publish), so pip-audit cannot resolve it.
74
+ #
75
+ # --strict is intentionally NOT used: it fails the run whenever a
76
+ # distribution can't be audited, which includes the editable
77
+ # package we deliberately skip ("distribution marked as editable").
78
+ # pip-audit still exits non-zero on any real reported vulnerability,
79
+ # so the "any reported vuln blocks" gate is preserved; every
80
+ # third-party dependency (and the runner's pip) is still audited.
81
+ pip-audit --skip-editable \
82
+ --ignore-vuln=CVE-2026-3219 \
83
+ --ignore-vuln=PYSEC-2026-196 \
84
+ --ignore-vuln=CVE-2023-36464
62
85
 
63
86
  test:
64
87
  runs-on: ubuntu-latest
65
88
  needs: lint
66
89
  strategy:
67
90
  fail-fast: false
91
+ # The fastembed model download is shared across Python versions. Running
92
+ # these jobs in parallel can double-hit HuggingFace and trigger 429s.
93
+ max-parallel: 1
68
94
  matrix:
69
95
  python-version: ['3.12', '3.13']
70
96
 
71
97
  steps:
72
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
98
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0
73
99
 
74
100
  - name: Set up Python ${{ matrix.python-version }}
75
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405
101
+ uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1
76
102
  with:
77
103
  python-version: ${{ matrix.python-version }}
78
104
 
105
+ - name: Cache fastembed model
106
+ uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830
107
+ with:
108
+ path: |
109
+ ~/.cache/fastembed
110
+ ~/.cache/huggingface
111
+ key: fastembed-nomic-embed-text-v1.5-Q-${{ runner.os }}
112
+
79
113
  - name: Install dependencies
80
114
  run: |
81
115
  python -m pip install --upgrade pip
@@ -102,19 +136,21 @@ jobs:
102
136
 
103
137
  - name: Upload coverage
104
138
  if: matrix.python-version == '3.12'
105
- uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2
106
- with:
107
- file: ./coverage.xml
108
- fail_ci_if_error: false
139
+ continue-on-error: true
140
+ env:
141
+ CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
142
+ run: |
143
+ python -m pip install codecov-cli
144
+ codecovcli upload-process -f ./coverage.xml
109
145
 
110
146
  governance:
111
147
  runs-on: ubuntu-latest
112
148
  needs: lint
113
149
  steps:
114
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
150
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0
115
151
 
116
152
  - name: Set up Python
117
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405
153
+ uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1
118
154
  with:
119
155
  python-version: '3.12'
120
156
 
@@ -139,10 +175,10 @@ jobs:
139
175
  needs: [test, governance]
140
176
 
141
177
  steps:
142
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
178
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0
143
179
 
144
180
  - name: Set up Python
145
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405
181
+ uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1
146
182
  with:
147
183
  python-version: '3.12'
148
184
 
@@ -14,8 +14,8 @@ jobs:
14
14
  deploy:
15
15
  runs-on: ubuntu-latest
16
16
  steps:
17
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
18
- - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405
17
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0
18
+ - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1
19
19
  with:
20
20
  python-version: '3.12'
21
21
  - run: pip install mkdocs-material
@@ -6,15 +6,19 @@ on:
6
6
 
7
7
  jobs:
8
8
  publish:
9
+ # Package-only releases (for example packages-v0.1.0) are not
10
+ # Python package releases and must not attempt a PyPI upload.
11
+ if: startsWith(github.event.release.tag_name, 'v')
9
12
  runs-on: ubuntu-latest
10
13
  permissions:
14
+ contents: read
11
15
  id-token: write # trusted publishing
12
16
 
13
17
  steps:
14
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
18
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0
15
19
 
16
20
  - name: Set up Python
17
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405
21
+ uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1
18
22
  with:
19
23
  python-version: '3.12'
20
24
 
@@ -17,10 +17,10 @@ jobs:
17
17
  actions: read
18
18
  runs-on: ubuntu-latest
19
19
  steps:
20
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
20
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0
21
21
 
22
22
  - name: Set up Python
23
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405
23
+ uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1
24
24
  with:
25
25
  python-version: '3.12'
26
26
 
@@ -65,7 +65,7 @@ jobs:
65
65
 
66
66
  - name: Upload SARIF to GitHub
67
67
  if: steps.check_token.outputs.has_token == 'true'
68
- uses: github/codeql-action/upload-sarif@b25d0ebf40e5b63ee81e1bd6e5d2a12b7c2aeb61
68
+ uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e
69
69
  with:
70
70
  sarif_file: snyk-code.sarif
71
71
  continue-on-error: true
@@ -12,7 +12,7 @@ jobs:
12
12
  stale:
13
13
  runs-on: ubuntu-latest
14
14
  steps:
15
- - uses: actions/stale@v9
15
+ - uses: actions/stale@v10
16
16
  with:
17
17
  repo-token: ${{ secrets.GITHUB_TOKEN }}
18
18
 
@@ -3,6 +3,19 @@
3
3
  Visual diagram: [`docs/architecture-diagram.mmd`](docs/architecture-diagram.mmd)
4
4
  Deep explanation: [`docs/explanation/architecture.md`](docs/explanation/architecture.md)
5
5
 
6
+ ## Foundational Model: Two Hemispheres
7
+
8
+ ZettelForge is modeled on the brain. A symbolic left hemisphere (the typed,
9
+ STIX-aligned knowledge graph with schema enforcement and rule-based inference) is
10
+ the precise, explainable authority of record. An associative right hemisphere
11
+ (blended vector and graph retrieval with GraphRAG and agentic synthesis) explores
12
+ and proposes. Underneath both, knowledge is atomic facts connected by directed,
13
+ time-stamped, pairwise associations, with time and provenance as first-class
14
+ primitives (Cognitive Data Model, Pieris 2025). The components below implement
15
+ this model. See [design philosophy](docs/explanation/design-philosophy-dual-hemisphere.md)
16
+ for the rationale and research basis, and [GOVERNANCE.md](GOVERNANCE.md) for the
17
+ binding design commitment.
18
+
6
19
  ## Storage
7
20
 
8
21
  ZettelForge uses a `StorageBackend` ABC (33 methods) with pluggable
@@ -6,6 +6,107 @@ Versioning follows [Semantic Versioning](https://semver.org/).
6
6
 
7
7
  ## [Unreleased]
8
8
 
9
+ ## [2.8.0] - 2026-06-26
10
+
11
+ Feature release. Extends the RFC-016 OSINT layer with passive ingest and
12
+ live AGE-120 enrichers, adds AGE-127 prompt-injection /
13
+ retrieval-poisoning guardrails across the memory pipeline, and lays the
14
+ RFC-018 Phase 0 enrichment job ledger foundation, alongside configurable
15
+ LLM generation budgets and bulk detection-ingest hardening. No data
16
+ migration is required.
17
+
18
+ ### Added
19
+
20
+ - **Prompt-injection and retrieval-poisoning guardrails** (AGE-127). A
21
+ deterministic guard for untrusted memory and CTI text, wired into the
22
+ remember, recall, synthesis, fact-extraction, entity-indexing,
23
+ note-construction, intent-classification, memory-update, and evolution
24
+ boundaries. LLM prompts are hardened to treat query and context text as
25
+ untrusted evidence. (#166)
26
+ - **Passive OSINT executor** (RFC-016 Phase 1.5). Validates collector
27
+ tuples and persists knowledge-graph writes; scopes OSINT alias caching to
28
+ each `KnowledgeGraph` instance; canonicalizes Organization values to
29
+ avoid WHOIS/RDAP duplicates; treats an explicit empty collector
30
+ allow-list as empty; adds user-facing passive OSINT docs and mkdocs
31
+ navigation. (#163)
32
+ - **Live OSINT enrichers** (AGE-120). Native RFC-016 collectors that feed
33
+ the graph backend: WHOIS/DNS, maigret/sherlock username discovery, HIBP
34
+ breach lookup, and blockchain wallet transactions, with OSINT
35
+ ontology / executor / entity-resolution / graph-persistence extensions.
36
+ The network collectors are an opt-in `[osint]` extra, key-gated and
37
+ fail-closed, and are never auto-triggered by `remember()`. Known
38
+ fast-follow robustness items are tracked in #176. (#167)
39
+ - **RFC-018 Phase 0 enrichment job ledger.** Durable SQLite job-metadata
40
+ foundation with `MemoryManager` queue-state recording and regression
41
+ tests, plus the RFC-018 spec for the next ingestion, enrichment,
42
+ parser-safety, metadata-policy, operator-health, and release-train
43
+ improvements. (#178)
44
+ - Configurable LLM generation budgets for causal extraction, synthesis,
45
+ fact extraction, NER, and memory evolution, plus `reasoning_model` scaling
46
+ floors and `<think>` / `<thinking>` JSON parse stripping. (#153)
47
+ - Bulk Sigma/YARA ingest can defer enrichment and drain once via
48
+ `MemoryManager.flush()`. (#153)
49
+
50
+ ### Fixed
51
+
52
+ - Hardened CCCS YARA metadata validation against multiline regex injection
53
+ and overly permissive author values. (#153)
54
+ - `MemoryManager.flush()` now waits for in-flight enrichment work, not only
55
+ queued work; cached `Plyara` parsing is serialized for concurrent callers. (#153)
56
+
57
+ ## [2.7.0] - 2026-05-26
58
+
59
+ Security and OSINT release. Adds the RFC-016 OSINT layer and the first
60
+ SEC-011 / MemSAD-inspired write-time memory-poisoning defense. No data
61
+ migration is required. The new memory defense ships in audit mode by default.
62
+
63
+ ### Added
64
+
65
+ - **OSINT layer scaffold and Phase 1 collectors** (RFC-016). Adds
66
+ `zettelforge.osint` with infrastructure, breach, people, social, and
67
+ technology collector packages; OSINT ontology and relation extensions;
68
+ entity canonicalization helpers; collector registry; and tests covering
69
+ DNS, WHOIS, certificates, BGP, ports, breach, people, social, and tech
70
+ collector contracts. Optional runtime dependencies are available with
71
+ `pip install zettelforge[osint]`.
72
+ - **Write-time memory anomaly defense** (SEC-011 / MemSAD). New
73
+ `MemoryAnomalyGate` scores candidate notes before persistence using
74
+ MemSAD-style max/mean embedding similarity against recent domain
75
+ calibration notes plus character n-gram Jensen-Shannon divergence to
76
+ reduce synonym/paraphrase evasion. Config lives under
77
+ `governance.memory_defense`; default mode is `audit`, with `block` and
78
+ `quarantine` available once a deployment has a clean calibration corpus.
79
+ - **Quarantine path for rejected memory writes.** In `quarantine` mode,
80
+ flagged notes are written to JSONL forensic quarantine and are not exposed
81
+ to recall, entity lookup, LanceDB, or graph traversal.
82
+ - **CrewAI integration** (issue #40). New optional extra
83
+ `pip install zettelforge[crewai]` exposes `ZettelForgeRecallTool`,
84
+ `ZettelForgeRememberTool`, and `ZettelForgeSynthesizeTool` as CrewAI
85
+ `BaseTool` subclasses. CTI-focused crews can now use ZettelForge as a
86
+ drop-in alternative to CrewAI's existing Mem0 memory tools, with
87
+ per-tool description copy aimed at routing the LLM to the right tool
88
+ (recall for lookups, remember for findings, synthesize for final answers).
89
+ See `examples/crewai_cti_crew.py` for a runnable two-agent demo.
90
+ Tests gated on `pytest.importorskip("crewai")`; 11 pass against
91
+ crewai 1.14.x.
92
+
93
+ ### Changed
94
+
95
+ - **Telemetry attribution compatibility.** `caller` is now supported in
96
+ telemetry events while the previous `actor` field and method arguments
97
+ remain backward-compatible for existing dashboards and tests.
98
+ - **Real LLM integration and performance tests are explicit opt-in.**
99
+ Set `ZETTELFORGE_RUN_LLM_INTEGRATION=1` or
100
+ `ZETTELFORGE_RUN_PERFORMANCE_TESTS=1` to run environment-sensitive suites.
101
+ The default regression suite is now deterministic on machines without
102
+ local LLM credentials or dedicated benchmark hardware.
103
+
104
+ ### Tests
105
+
106
+ - Added focused memory-defense tests for insufficient calibration, audit-mode
107
+ anomaly detection, and quarantine writes.
108
+ - Default regression gate: `742 passed, 13 skipped`.
109
+
9
110
  ## [2.6.2] - 2026-04-27
10
111
 
11
112
  UI/UX release. Fixes the `/config` page so the Apply button actually works
@@ -0,0 +1,49 @@
1
+ # Governance
2
+
3
+ ## Maintainer
4
+
5
+ ZettelForge is maintained by Patrick Roland (@rolandpg).
6
+
7
+ ## Licensing Commitment
8
+
9
+ ZettelForge is MIT licensed. This will not change.
10
+
11
+ ## Design Commitment: Brain-Inspired Memory Architecture
12
+
13
+ ZettelForge is modeled on the brain by deliberate decision, not metaphor. This
14
+ commitment is binding on the architecture and will not be quietly abandoned.
15
+
16
+ The memory engine is dual-hemisphere. A symbolic left hemisphere (a typed,
17
+ STIX/ATT&CK-aligned knowledge graph with schema enforcement and rule-based
18
+ inference) is the authority of record: precise, constraint-checked, and
19
+ explainable. An associative right hemisphere (blended vector and graph retrieval,
20
+ GraphRAG, and agentic synthesis) explores and proposes, and writes back into the
21
+ symbolic layer only through validated paths. The two layers stay distinct.
22
+
23
+ Underneath both, knowledge is represented as atomic facts connected by directed,
24
+ time-stamped, pairwise associations (the Cognitive Data Model, Pieris 2025). Time
25
+ and provenance are first-class primitives: every note and claim carries its
26
+ source, markings (TLP), confidence, and time validity, and every retrieval result
27
+ carries provenance. Ingested content is untrusted and is sanitized or isolated
28
+ before any model call. Quantitative quality or performance claims are reproduced
29
+ on the project's own CTI benchmark suite before being stated as fact.
30
+
31
+ Changes to storage, retrieval, the knowledge graph, or ingestion MUST preserve
32
+ this model, and design decisions SHOULD cite the relevant hemisphere or layer.
33
+ The full rationale and research basis are in
34
+ [docs/explanation/design-philosophy-dual-hemisphere.md](docs/explanation/design-philosophy-dual-hemisphere.md).
35
+
36
+ ## Extension Boundary
37
+
38
+ The extension package (`zettelforge-enterprise`) provides features
39
+ that require external infrastructure (TypeDB, OpenCTI, multi-tenant
40
+ OAuth). The open source project will never be degraded to create
41
+ commercial incentive.
42
+
43
+ Rule: if a feature works with JSONL + local embeddings, it belongs
44
+ in this repo.
45
+
46
+ ## Contributions
47
+
48
+ Community contributions are reviewed on their technical merits.
49
+ All contributions to this repository remain MIT licensed.